Overview

overview

7

Static

static

3

e93d922dc9...02.exe

windows7-x64

7

e93d922dc9...02.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 00:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e93d922dc925dec6094dc41d1799677f709b42ed566eb66e24c2e7b621134a02.exe

  • Size

    200KB

  • MD5

    652164ec33cbdd05994b6b534d32c38c

  • SHA1

    7d65f2c8b6b9f7c4f962ec9b0671a4d4a51ef23c

  • SHA256

    e93d922dc925dec6094dc41d1799677f709b42ed566eb66e24c2e7b621134a02

  • SHA512

    d3d91d005e6c9a64b820b6d95b12458f90d172ff8ed9cba76cf19e514829f3695b2068b3dded1024e51326f7ff8c561d88b24f39c81ba6031325ca133fd107d3

  • SSDEEP

    6144:wf0VcYHEyAUrj/3/4rA/bPSdMlZnLAJG1B7u:G0bhT/lbkMUG1BC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e93d922dc925dec6094dc41d1799677f709b42ed566eb66e24c2e7b621134a02.exe
    "C:\Users\Admin\AppData\Local\Temp\e93d922dc925dec6094dc41d1799677f709b42ed566eb66e24c2e7b621134a02.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:5056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 396
      2⤵
      • Program crash
      PID:3700
    • C:\Users\Admin\AppData\Local\Temp\e93d922dc925dec6094dc41d1799677f709b42ed566eb66e24c2e7b621134a02.exe
      C:\Users\Admin\AppData\Local\Temp\e93d922dc925dec6094dc41d1799677f709b42ed566eb66e24c2e7b621134a02.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4736
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 364
        3⤵
        • Program crash
        PID:3284
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5056 -ip 5056
    1⤵
      PID:3248
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4736 -ip 4736
      1⤵
        PID:1928

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\e93d922dc925dec6094dc41d1799677f709b42ed566eb66e24c2e7b621134a02.exe
              Filesize

              200KB

              MD5

              842f647c499938697d21c4b52a4a6ed3

              SHA1

              fa2d50c1131ff29f0764578355894fa152d44b7b

              SHA256

              84c17a71d8d0b6d47805dce11b21cc11704a5f3e6fe31f6a1cae601652ed0ec8

              SHA512

              7492a41ac8591f7d8539b0f8257ffa1753b0bb6d608bc49d77bc6d4e7c23153fce7033b4169c2542555dc80163ca316e8f4a6b490ec3b1ca9f82ddf0fe7f8f89

              Download Submit

            • memory/4736-6-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/4736-8-0x0000000000400000-0x000000000041A000-memory.dmp

              Filesize

              104KB

              Download

            • memory/4736-11-0x00000000001B0000-0x00000000001EF000-memory.dmp

              Filesize

              252KB

              Download

            • memory/5056-0-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/5056-7-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download